isAuthenticated() is always false.
This topic is closed

  • isAuthenticated() is always false.

    Hi All,
    I am using the UsernamePasswordAuthenticationToken for authentication. I can see the following in the log

    =================================================

    [java] 2005-03-16 14:35:09,054 DEBUG org.springframework.jdbc.core.StatementCreatorUtils - Setting SQL statement parameter value: columnIndex 1, parameter value [testuser], valueClass [java.lang.String], sqlType 12
    [java] 2005-03-16 14:35:09,054 DEBUG org.springframework.jdbc.datasource.DataSourceUtils - Closing JDBC connection
    [java] 2005-03-16 14:35:09,054 DEBUG org.springframework.context.support.ClassPathXmlApplicationContext - Publishing event in context [org.springframework.context.support.ClassPathXmlApplicationContext;hashCode=25699763]: net.sf.acegisecurity.providers.dao.event.AuthenticationSuccessEvent[source=net.sf.acegisecurity.providers.UsernamePasswordAuthenticationToken@c9630a: Username: testuser; Password: [PROTECTED]; Authenticated: false; Details: null; Not granted any authorities]
    ==============================================

    There is an AuthenticationSuccessEvent, but the Authenticated property still shows false. When and how does the authenticated property get set to true?


    Any ideas??

    Thanks in advance

  • #2
    This sounds like a very similar problem to my post ref:

    upgrading 0.8.0 Null authentication SecureContextImpl



    • #3
      Just looked at the source for DaoAuthenticationProvider and UsernamePasswordAuthenticationToken...

      Basically it looks like on a successful auth, the DaoAuthenticationProvider is simply returning a new UsernamePasswordAuthenticationToken with the same exact properties you supplied in the first place. It never runs setAuthenticated(). I'd say this is a bug.

      Here's the method in question from DaoAuthenticationProvider:
      (the authentication passed in is the original Authentication object)
      Code:
      protected Authentication createSuccessAuthentication(Object principal,
              Authentication authentication, UserDetails user) {
          // Ensure we return the original credentials the user supplied,
          // so subsequent attempts are successful even with encoded passwords.
          // Also ensure we return the original getDetails(), so that future
          // authentication events after cache expiry contain the details
          UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(principal,
                  authentication.getCredentials(), user.getAuthorities());
          result.setDetails((authentication.getDetails() != null)
              ? authentication.getDetails() : null);

          return result;
      }



      • #4
        http://forum.springframework.org/viewtopic.php?t=227
        http://forum.springframework.org/viewtopic.php?t=1606



        • #5
          Thanks.
          That makes some more sense.

